From 5153cdc35e816a2224da1dac0e4d316bf847473d Mon Sep 17 00:00:00 2001 From: Zhou Song Date: Tue, 22 Mar 2016 16:13:09 +0800 Subject: libmedia: Initialize mState/mActive value to avoid possible crash If track creation fails on server side, mState/mActive is left unitialized. After this a crash can happen when track stop() is called because of a reference to a NULL object. Initialize mState/mActive to specific value in initialized list of track constructor. Change-Id: If8c3611e3229c0c1b14b81285e07b9357fec7658 CRs-Fixed: 992608 --- media/libmedia/AudioRecord.cpp | 6 +++--- media/libmedia/AudioTrack.cpp | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'media') diff --git a/media/libmedia/AudioRecord.cpp b/media/libmedia/AudioRecord.cpp index fc35a4c..40cad59 100644 --- a/media/libmedia/AudioRecord.cpp +++ b/media/libmedia/AudioRecord.cpp @@ -67,7 +67,7 @@ status_t AudioRecord::getMinFrameCount( // --------------------------------------------------------------------------- AudioRecord::AudioRecord(const String16 &opPackageName) - : mStatus(NO_INIT), mOpPackageName(opPackageName), mSessionId(AUDIO_SESSION_ALLOCATE), + : mActive(false), mStatus(NO_INIT), mOpPackageName(opPackageName), mSessionId(AUDIO_SESSION_ALLOCATE), mPreviousPriority(ANDROID_PRIORITY_NORMAL), mPreviousSchedulingGroup(SP_DEFAULT), mSelectedDeviceId(AUDIO_PORT_HANDLE_NONE) { @@ -89,7 +89,8 @@ AudioRecord::AudioRecord( int uid, pid_t pid, const audio_attributes_t* pAttributes) - : mStatus(NO_INIT), + : mActive(false), + mStatus(NO_INIT), mOpPackageName(opPackageName), mSessionId(AUDIO_SESSION_ALLOCATE), mPreviousPriority(ANDROID_PRIORITY_NORMAL), @@ -273,7 +274,6 @@ status_t AudioRecord::set( } mStatus = NO_ERROR; - mActive = false; mUserData = user; // TODO: add audio hardware input latency here if (mTransfer == TRANSFER_CALLBACK || diff --git a/media/libmedia/AudioTrack.cpp b/media/libmedia/AudioTrack.cpp index d7256f8..ae016ef 100644 --- a/media/libmedia/AudioTrack.cpp +++ b/media/libmedia/AudioTrack.cpp @@ -165,6 +165,7 @@ status_t AudioTrack::getMinFrameCount( AudioTrack::AudioTrack() : mStatus(NO_INIT), + mState(STATE_STOPPED), mIsTimed(false), mPreviousPriority(ANDROID_PRIORITY_NORMAL), mPreviousSchedulingGroup(SP_DEFAULT), @@ -196,6 +197,7 @@ AudioTrack::AudioTrack( const audio_attributes_t* pAttributes, bool doNotReconnect) : mStatus(NO_INIT), + mState(STATE_STOPPED), mIsTimed(false), mPreviousPriority(ANDROID_PRIORITY_NORMAL), mPreviousSchedulingGroup(SP_DEFAULT), @@ -227,6 +229,7 @@ AudioTrack::AudioTrack( const audio_attributes_t* pAttributes, bool doNotReconnect) : mStatus(NO_INIT), + mState(STATE_STOPPED), mIsTimed(false), mPreviousPriority(ANDROID_PRIORITY_NORMAL), mPreviousSchedulingGroup(SP_DEFAULT), @@ -478,7 +481,6 @@ status_t AudioTrack::set( } mStatus = NO_ERROR; - mState = STATE_STOPPED; mUserData = user; mLoopCount = 0; mLoopStart = 0; -- cgit v1.1